The world’s growing dependence on technology means greater opportunities for tech-savvy criminals. Recent months have seen a significant increase in a type of cyber-crime known as “ransomware.” Enigma Software Group reports that there was a 158.87 percent increase in ransomware detected by SpyHunter between March and April 2016.
With ransomware, hackers use malware to infect a company’s IT system and encrypt the files, rendering them inaccessible. This encryption may take place over the course of weeks. The cyber criminals demand payment in exchange for releasing the data. While the demands tend to be relatively small, less than $1,000, it can add up to significant profits if only a few victims pay the ransom every day. Even if victims don’t pay up, a ransomware attack can still waste company resources, disrupt business, cause a loss of sales and data, and damage a company’s reputation.
From North America to Australia, ransomware users are primarily targeting small and medium-sized businesses (SMBs). According to Newsweek, recent ransomware victims have included schools in Minnesota, a church in Oregon, and a hospital in Georgia. Such organizations depend on their IT systems more than individual consumers, but they tend to have less sophisticated security measures than larger enterprises.
Types of ransomware can vary. One of the better-known and more profitable types of ransomware is CryptoWall, first discovered in June 2014. Other ransomware malware “families” include TorrentLocker and TeslaCrypt, with numerous variations. Hackers may demand payment in bitcoin. Malware often hides in emails that prompt users to download an attachment or click on a link to a malicious website posing as a legitimate organization. An infected website may encourage the user to update the computer’s security software, which deposits the malware into the system. Some ransomware actually seeks out file types that are considered more valuable, such as photographs or financial worksheets. Hackers may disguise the malware as official notices from the FBI or other government agency to try to intimidate the victim.
Victims of a ransomware attack can feel violated and powerless, but there are ways to empower SMBs and help reduce malware risk, and to help them move forward if an attack has already occurred.
What to Do to Prevent an Attack
All SMBs can take certain recommended measures to reduce the risk of malware and a ransomware attack. These prevention techniques include:
- Get to know your data, where it is located, how you access it, and how many people can access it.
- Back up system files every day. Service providers and software are available to help. These backups should not be connected to the network, however, as they may fall victim to the same malware.
- At the very least, use basic security software, including a firewall and internet browser extensions that detect malicious websites. Update these features whenever possible. Use complex passwords, and change them periodically.
- Enlist the help of a qualified, legitimate, third-party cyber security specialist or firm to determine where improvements can be made in an SMB’s IT system.
- Take advantage of free (but trustworthy) resources. For example, the Small Business Administration offers numerous tools for small businesses looking to secure their data.
- Educate all staff and volunteers on best practices for information security. These practices include never opening an email attachment or clicking a link in an email, even if you recognize the sender.
- Restrict access to your company’s data and devices whenever possible, with proper access controls, and use a password with your business’s WiFi network. If you allow employees to bring their own devices to use on the company network, make sure those devices have proper security measures, as well.
- Depending on the small business, clients may make certain demands about its cyber security measures. If this is the case, make sure you are prepared to meet clients’ security needs.
- Create a plan for how the company will respond and move forward if it does become a target for ransomware.
What to Do After an Attack
If prevention measures come too late, and a company finds itself facing a ransomware threat, there are still recommended practices.
- Do not pay the ransom. Cyber criminals are betting that small companies would rather pay up than risk their data. However, the FBI advises against paying the extortionists. Agreeing to the demands does not guarantee that a company will regain the compromised data, or that it will be returned in its previous condition.
- Wipe the data. This is an easier step to take if the data were properly backed up.
- Contact the company’s web hosting provider before contacting the police. The FBI should be contacted if there is significant loss. Keep in mind, however, that many hackers operate from overseas, and local police and even the FBI are unable to prosecute.
- Share threat information with relevant organizations when possible. The more information that security professionals and organizations have on threats and attacks, the better they can develop defenses against them.
Ransomware can have devastating results for any organization, but there are steps you can take to prevent it, protecting your business and its data. Following recommended IT security practices and responding to threats appropriately can help reduce the risk of becoming a victim to ransomware. Contact us for more information about securing your technology and data.